A Week in Security (April 13 – 19)

Today, we look back and review last week’s posts here on Malwarebytes Unpacked and other noteworthy news:

“Invitation to the Great Illuminati” Spam Mail(Fraud/Scam Alert) Illuminati-themed spam campaign was plaguing inboxes early last week. The emails bearing the subject “INVITATION TO THE GREAT ILLUMINATI” was found to be another variant of the 419 scam, which has been around since time immemorial.

Apple ID Phish Goes Horribly Wrong(Fraud/Scam Alert) One of our security researchers found a bogus email that purported to originate from Apple and seemingly did its very best to look like it is actually dangerous.

Netflix-themed tech support scam comes back with more copycats(Fraud/Scam Alert) Jérôme Segura, one of our senior security researchers, found an elaborate scam using phishing and tech support methodologies that target Netflix users in February of this year. A similar campaign was spotted last week, with scammers also going after AOL, Pogo, and Comcast users, too. Live chats were now made part of the overall tactic.

Fake CNN Twitter sent users to diet spam and installs(Fraud/Scam Alert) Twitter becomes a more dangerous place for would-be victims when someone takes a compromised account, turns it into a fake account with a trusted brand, and then starts posting tweets about “helpful diets” to potentially unwanted programs (PUPs).

Another Game Company Encourages a Bad Email Habit(Security Threat) We applaud GearBox Software for proactively informing their gaming community to change their passwords following Amazon’s announcement that some of its services are vulnerable to Heartbleed. Unfortunately, how they did this trains the user to trust links in emails.

Phishers Bypass Steam Guard Protection(Fraud/Scam Alert) A one-of-a-kind phishing campaign that asks Steam users to hand over their SSFN file. Of course, once scammers get a hold of this file, they can login to user accounts.

Top security news:

LaCie admits to year-long credit card breach. A year after the breach started, the French hardware company LaCie comes clean, adding that information about users who have been shopping in their website from a year ago are highly at risk of fraud. (Source: CNet)

Confirmed: Nasty Heartbleed bug exposes OpenVPN private keys, too. Keys produced by OpenVPN, a popular virtual private network application, can be exposed by the Heartbleed bug if the bad guys decide to target it. Perhaps the only good take away here is that the exploit capable of stealing keys aren’t easy to develop, according to Fredrik Strömberg, an operator of a VPN service in Sweden. (Source: Ars Technica)

Facebook Webinject Leads to iBanking Mobile Bot. “iBanking is a malicious Android application that when installed on a mobile phone is able to spy on its user’s communications. This bot has many interesting phone-specific capabilities, including capturing incoming and outgoing SMS messages, redirecting incoming voice calls, and even capturing audio using the device’s microphone.” (Source: ESET We Live Security Blog)